Lecture 002 - Safe Semantics

Safety: ensure a "bad" thing never happens.

Safety violations usually result in undefined behavior, which leaves room for attackers to "define" it.

Liveness: ensure a "good" thing always happens.

Liveness is more difficult to enforce.

Information Flow: the movement of information between different systems.

Solution: static checks on "contracts"/asserts.

Memory Safety

Attack methods:

Tiny Imperative Language

Value: z \in \mathbb{Z}

Expression (grammar; c ranges over values): e ::= c \mid x \mid e_1 + e_2 \mid e_1 - e_2 \mid

Expression is only meaningful given a state.

States are written w, u, v.

\cdot[[\cdot]]: evaluation. We evaluate the expression (second argument) in the state (first argument). The resulting type is a value.

Programs: \alpha, \beta ::= x := e \mid \alpha; \beta \mid \text{if } Q\ \alpha\ \beta \mid \text{while } Q\ \alpha

A program denotes a relation, not necessarily a function, since a function cannot capture a nonterminating loop or a nondeterministic (random) choice.

\cdot[[\cdot]]\cdot: the prestate (first argument) and poststate (last argument) are related by the program (middle argument). The resulting type is a truth statement.

Note that since a program may contain expressions, the program (middle argument) is evaluated and executed in the state given by the first argument. In a sense, [[\cdot]] means evaluate, while [\cdot \mapsto \cdot] is constant assignment.

\cdot[\cdot \mapsto \cdot]: we take a state (first argument) and make a variable (second argument) map to a constant value (third argument). The resulting type is an updated state.

Formula: P, Q ::= \top \mid \bot \mid \neg P \mid P \land Q \mid P \lor Q \mid P \to Q \mid e_1 = e_2 \mid e_1 \neq e_2

\cdot \models \cdot: a formula (second argument) is true in a state (first argument). The resulting type is a truth statement.

\begin{array}{ll}w \models \top & \text { always } \\ w \models \bot & \text { never } \\ w \models e_1=e_2 & \text { iff } w \llbracket e_1 \rrbracket=w \llbracket e_2 \rrbracket \\ w \models e_1 \leq e_2 & \text { iff } w \llbracket e_1 \rrbracket \leq w \llbracket e_2 \rrbracket \\ w \models P \wedge Q & \text { iff } w \models P \text { and } w \models Q \\ w \models P \vee Q & \text { iff } w \models P \text { or } w \models Q \\ w \models \neg P & \text { iff } w \not \models P \\ w \models P \rightarrow Q & \text { iff whenever } w \models P \text { then also } w \models Q \\ w \models \forall x . P \quad & \text{ iff } \quad w[x \mapsto c] \models P \quad \text{ for every } c \in \mathbb{Z} \\ w \models \exists x . P \quad & \text{ iff } \quad w[x \mapsto c] \models P \quad \text{ for some } c \in \mathbb{Z} \end{array}

While Loop

\begin{array}{lll}
w \llbracket \text{while } P\ \alpha \rrbracket \nu & \text{iff} & w \llbracket \text{while } P\ \alpha \rrbracket^n \nu \text{ for some } n \geq 0 \\
w \llbracket \text{while } P\ \alpha \rrbracket^0 \nu & \text{iff} & w \not\models P \text{ and } w = \nu \\
w \llbracket \text{while } P\ \alpha \rrbracket^{n+1} \nu & \text{iff} & w \models P \text{ and } w \llbracket \alpha \rrbracket \mu \text{ for some } \mu \text{ and } \mu \llbracket \text{while } P\ \alpha \rrbracket^n \nu
\end{array}
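The definitions above (evaluation w[[e]], the update w[x \mapsto c], satisfaction w \models P, the program relation w[[\alpha]]v and the indexed while^n relation) can be coded almost verbatim. The interpreter below is an added example, not part of the lecture notes: the class and function names (eval_expr, update, holds, while_n, run, check_contract), the fuel bound that stands in for "for some n \geq 0", and the choice to read an unassigned variable as 0 are all assumptions. Because TIL as given is deterministic, the relation w[[\alpha]]v has at most one poststate per prestate, so run returns that state or None when the loop never exits. check_contract is a dynamic version of the "contract/assert" idea from the safety discussion: from one prestate it checks that if the precondition holds and the program terminates, the postcondition holds.

```python
"""Interpreter for the Tiny Imperative Language (TIL) of the lecture notes.
Added example: names, the fuel bound and the default value 0 for unset
variables are assumptions, not part of the notes."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

State = Dict[str, int]

# --- Expressions: e ::= c | x | e1 + e2 | e1 - e2 ---------------------------
@dataclass(frozen=True)
class Const: value: int
@dataclass(frozen=True)
class Var: name: str
@dataclass(frozen=True)
class BinOp: op: str; left: object; right: object   # op is '+' or '-'

def eval_expr(w: State, e) -> int:
    """w[[e]]: the value of expression e in state w."""
    if isinstance(e, Const):
        return e.value
    if isinstance(e, Var):
        return w.get(e.name, 0)              # assumption: unset variables read as 0
    l, r = eval_expr(w, e.left), eval_expr(w, e.right)
    return l + r if e.op == '+' else l - r

def update(w: State, x: str, c: int) -> State:
    """w[x -> c]: a copy of w in which variable x holds constant c."""
    v = dict(w)
    v[x] = c
    return v

# --- Formulas: top | bot | not P | P and Q | P or Q | P -> Q | e1 = e2 | e1 != e2 | e1 <= e2
@dataclass(frozen=True)
class F:
    kind: str            # 'top','bot','not','and','or','imp','eq','neq','leq'
    args: Tuple = ()

def holds(w: State, P: F) -> bool:
    """w |= P, one case per row of the satisfaction table."""
    k, a = P.kind, P.args
    if k == 'top': return True
    if k == 'bot': return False
    if k == 'not': return not holds(w, a[0])
    if k == 'and': return holds(w, a[0]) and holds(w, a[1])
    if k == 'or':  return holds(w, a[0]) or holds(w, a[1])
    if k == 'imp': return (not holds(w, a[0])) or holds(w, a[1])
    l, r = eval_expr(w, a[0]), eval_expr(w, a[1])
    return {'eq': l == r, 'neq': l != r, 'leq': l <= r}[k]

# --- Programs: x := e | alpha; beta | if Q alpha beta | while Q alpha --------
@dataclass(frozen=True)
class Assign: x: str; e: object
@dataclass(frozen=True)
class Seq: first: object; second: object
@dataclass(frozen=True)
class If: cond: F; then: object; other: object
@dataclass(frozen=True)
class While: cond: F; body: object

def while_n(w: State, P: F, alpha, n: int, fuel: int) -> Optional[State]:
    """w[[while P alpha]]^n v: the body runs exactly n times, then P fails."""
    for _ in range(n):
        if not holds(w, P):
            return None                      # fewer than n iterations are possible
        w = run(w, alpha, fuel)
        if w is None:
            return None                      # the body itself has no poststate
    return w if not holds(w, P) else None

def run(w: State, alpha, fuel: int = 100) -> Optional[State]:
    """w[[alpha]]v for deterministic TIL: the unique poststate v, or None when
    alpha relates w to no poststate (no while^n with n <= fuel exits)."""
    if isinstance(alpha, Assign):
        return update(w, alpha.x, eval_expr(w, alpha.e))
    if isinstance(alpha, Seq):
        mu = run(w, alpha.first, fuel)
        return None if mu is None else run(mu, alpha.second, fuel)
    if isinstance(alpha, If):
        return run(w, alpha.then if holds(w, alpha.cond) else alpha.other, fuel)
    for n in range(fuel + 1):                # "for some n >= 0", searched in order
        v = while_n(w, alpha.cond, alpha.body, n, fuel)
        if v is not None:
            return v
    return None

def check_contract(w: State, pre: F, alpha, post: F) -> bool:
    """Dynamic check of a contract {pre} alpha {post} from one prestate:
    if w |= pre and w[[alpha]]v then v |= post (vacuous if pre fails or
    alpha does not terminate, i.e. partial correctness)."""
    if not holds(w, pre):
        return True
    v = run(w, alpha)
    return v is None or holds(v, post)

# Constructed sample: s := 0; i := 1; while (i <= n) { s := s + i; i := i + 1 }
SUM_TO_N = Seq(Assign('s', Const(0)),
               Seq(Assign('i', Const(1)),
                   While(F('leq', (Var('i'), Var('n'))),
                         Seq(Assign('s', BinOp('+', Var('s'), Var('i'))),
                             Assign('i', BinOp('+', Var('i'), Const(1)))))))

# Constructed sample with no poststate at all: while (x = x) x := x + 1
FOREVER = While(F('eq', (Var('x'), Var('x'))),
                Assign('x', BinOp('+', Var('x'), Const(1))))

if __name__ == '__main__':
    print(run({'n': 5}, SUM_TO_N))           # {'n': 5, 's': 15, 'i': 6}
    print(run({'x': 0}, FOREVER))            # None: the relation has no poststate
    print(check_contract({'n': 5}, F('leq', (Const(0), Var('n'))), SUM_TO_N,
                         F('eq', (Var('i'), BinOp('+', Var('n'), Const(1))))))  # True
```

The while case deliberately mirrors the notes rather than looping directly: run searches n = 0, 1, 2, ... for a while^n relation that holds, which makes the quadratic cost visible and shows why an unbounded search is needed to model nontermination faithfully; the fuel bound is what turns the relation into something a machine can evaluate.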

Semantics
